Comments (0)

By Matthieu, 2021-03-20 23:00

Installed a new Ubiquiti USG at an office downtown today, and noticed that in the 8 hours since the system was first up, it had detected over 800 nearby networks. I decided to analyze the data a bit for fun.

First, the channel. I was surprised to see that over half of all detected APs were on channel 6.

It does make sense that there are far more 2.4GHz APs detected, since it has better signal penetration.

Next up, security standards.

Nearly 90% of APs are using WPA2 of some sort, and just over 10% are open. Less than 1% use WPA.

Now, arguably the most interesting – the AP manufacturer, according to OUI lookup.

Note: some OUIs were not recognized, so the dataset is slightly less than 800 here.

In the manufacturer breakdown we se a lot of the usual brands – Cisco, Aruba and Ubiquiti are in the top. Technicolor, Sagemcom, ASUS, HP, Juniper, Sonicwall are all also common network vendors. But what of the others?

The biggest “unusual” vendor we see is Mitsumi. Mitsumi is generally known as an OEM that manufactures PC peripherals and input devices – mice, keyboards, floppy and optical drives, and quite a few game consoles. It’s not surprising that they would make WiFi radios, but I wouldn’t expect their OUI to be used as an OEM.

Looking a bit further at the data, most of the Mitsumi networks’ SSIDs are in the format “WiFi Hotspot 0000” (where 0000 is a random 4 digits). However, a few of them had names such as “Cruze”, “Volt”, “Equinox” and “Malibu”. So, apparently Mitsumi manufactures the WiFi radio for the GM OnStar car hotspots.

Continuing on with the less-known OUI vendors, we also see Visteon, Continen (Continental), Harman/B (Harman/Becker), and AlpsElec (Alps Electric).

Alps, like Mitsumi, is an OEM known for PC peripherals – particularly keyboards and laptop touchpads. In this case, the SSIDs for the Alps APs are all some variant of “MB Hotspot 000” – so they are Mercedes-Benz car hotspots.

So, unsurprisingly, the other 3 are also car electronics OEMs.

Visteon – spun off from Ford in 2000, they specialize in car infotainment and other electronics systems.
Continental Automotive Systems – The electronics systems branch of German company Continental Tire.
Harman/Becker – a division of Samsung, specialized in car electronics, resulting from the Harman company’s acquisition of Becker, a German car radio manufacturer.

Today’s takeaway: a LOT of cars have WiFi hotspots built-in these days!

Comments (0)

By Matthieu, 2021-03-07 22:05

Got frustrated that this form wasn’t available as a proper PDF form, so made it myself. Intended only as a convenience for those who wish to use it. PDF is not password-protected or signed.

Download a copy of the 4383-80E pdf form (Patient Enrolment and Consent to Release Personal Health Information) below.

Comments (0)

By Matthieu, 2021-01-27 13:35

Intel used to host these on their website, but took them down in a purge a few years back. So here are the drivers I saved a while back.

XBEM – Ethernet + Modem
XBE – Ethernet only

The 314 ones are from Intel (2000), the others are from Dell and a bit older (1999). All versions in one 7-zip file.

Comments (1)

By Matthieu, 2019-04-29 09:55

Update: Even after doing all this the system still locks up randomly when using the amdgpu driver.

I’m running dual AMD FirePro W2100 driving 3 monitors in my workstation. Since installing the cards I’ve been suffering random freezes/graphical lockups that seemed to be related to 3D. They occurred typically during an animation in gnome-shell, or when using Firefox or Chrome with hardware acceleration. Most times, I was able to recover by logging in to the machine via ssh and sending killall -HUP to the appropriate process (usually gnome-shell). Every time this happened, syslog would be full of GPU faults:

[ 2482.763707] radeon 0000:02:00.0: GPU fault detected: 146 0x0468100c
[ 2482.763708] radeon 0000:02:00.0:   VM_CONTEXT1_PROTECTION_FAULT_ADDR   0x0011173E
[ 2482.763709] radeon 0000:02:00.0:   VM_CONTEXT1_PROTECTION_FAULT_STATUS 0x0805000C
[ 2482.763710] VM fault (0x0c, vmid 4) at page 1120062, read from CB (80)
[ 2482.763713] radeon 0000:02:00.0: GPU fault detected: 146 0x0408500c
[ 2482.763714] radeon 0000:02:00.0:   VM_CONTEXT1_PROTECTION_FAULT_ADDR   0x00111744
[ 2482.763715] radeon 0000:02:00.0:   VM_CONTEXT1_PROTECTION_FAULT_STATUS 0x0805000C
[ 2482.763717] VM fault (0x0c, vmid 4) at page 1120068, read from CB (80)

I tried updating my kernel (going from Ubuntu 18.04 to 18.10 and even reinstalling with Pop!_OS 18.10 than 19.04) and updating graphics drivers using the oibaf ppa, to no avail. Finally found what seems to be the solution on HackerNews (thanks danieldk) – force the use of the newer amdgpu driver rather than the older radeon driver. The W2100 is a first-generation GCN chip and so is supported by both drivers, and radeon is chosen as the default. To force amdgpu, you need to pass the kernel flags

amdgpu.si_support=1 radeon.si_support=0 amdgpu.cik_support=1 radeon.ciksupport=0

In Ubuntu, add these to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, then run update_grub. Pop!_OS doesn’t use grub, so you need to add each flag using kernelstub -a amdgpu.si_support=1 and repeating for each of the 4.

So far, my system seems stable since this change. I will update this post if anything changes.

Comments (0)

By Matthieu, 2018-04-08 10:28

Oracle have decided to disable access to Java apps that use MD5withRSA signatures. For instance, when launching the .jnlp file to connect to my Lantronix Spider remote KVM, I am presented with this error:

To fix this, we have to change Java’s security settings. Unfortunately, settings for signature algorithms are not in the Java Control Panel, so we have to edit the config files directly.

On macOS, the default JRE installation’s root directory ($JAVA_HOME) is

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home

on Windows, it would be

C:\Program Files\Java\jre1.8.0_131

where “1.8.0_131” is your specific Java version, and on Linux, JRE is installed in

/usr/lib/jvm/java-1.7.0-openjdk-amd64

once again where “1.7.0-openjdk-amd64” is your specific Java version.

In the JRE directory, we then need to edit the file

$JAVA_HOME/lib/security/java.security

and comment out the line that starts with “jdk.jar.disabledAlgorithms” by prefixing a #. Note that this will allow jar files signed with any algorithms to run, which can be considered insecure.

Sources:

• https://learningintheopen.org/2017/11/03/java-jnlp-error-weak-signature-algorithm-md5withrsa/
• https://stackoverflow.com/questions/15826202/where-is-java-installed-on-mac-os-x

Comments (0)

By Matthieu, 2017-09-14 14:31

After installing Wine in Ubuntu Gnome 17.04, I noticed that double-clicking on .exe files in Nautilus still opened them in Archive Manager. I tried the usual right-click > Properties > Open With, but Wine was not listed as an available option.

It turns out that in the Wine package for Ubuntu 17.04, the wine.desktop file is not created in /usr/share/applications, and so does not show up in the Gnome GUI. To make things work, we need to copy the wine.desktop file from /usr/share/doc/wine-stable/examples/ to /usr/share/applications/

sudo cp /usr/share/doc/wine-stable/examples/wine.desktop /usr/share/applications/

Then edit the .desktop file to unhide it from the menus –

sudo nano /usr/share/applications/wine.desktop

Change NoDisplay=true to NoDisplay=false

Now, “Wine Windows Program Loader” is available as a choice in the Properties > Open With list.

Comments (0)

By Matthieu, 2017-04-10 20:07

Windows Default Soundfont

Arachna Soundfont

Comments (0)

By Matthieu, 2015-12-09 10:40

When setting up Postfix on Ubuntu/Debian as “Internet Site with smarthost” to use an external smtp relay, automatic e-mails intended for “root” (such as cron job error reports) get sent out to the smarthost with a To: address of [email protected] This can cause a problem as the smarthost doesn’t know where to deliver these messages to, since myhost.mydomain.com has no MX record.

The fix for this is (go figure) in the Postfix README:

Delivering some but not all accounts locally

A drawback of sending mail as “[email protected]” (instead of “[email protected]”) is that mail for “root” and other system accounts is also sent to the central mailhost. In order to deliver such accounts locally, you can set up virtual aliases as follows:

1 /etc/postfix/main.cf:
2     virtual_alias_maps = hash:/etc/postfix/virtual
3 
4 /etc/postfix/virtual:
5     root     [email protected]
6     . . .

Translation:

• Line 5: As described in the virtual(5) manual page, the bare name “root” matches “[email protected]” when “site” is equal to $myorigin, when “site” is listed in $mydestination, or when it matches $inet_interfaces or $proxy_interfaces.

Execute the command “postmap /etc/postfix/virtual” after editing the file.

Oddly, just adding the line

root: [email protected]

to /etc/aliases doesn’t work. You really need to do the steps outlined in the manual.

Comments (0)

By Matthieu, 2015-04-07 21:18

It’s really cool what we can do with computers these days. I generally take technology for granted, but sometimes I am just in awe of what is possible.

With the ubiquity of the Internet
It’s all too easy to forget
How amazing it is, that with relative ease –
Just a few strokes of the keys
A sysadmin can ssh to a box running Unix
On the other side of the world, or just across town.
And with just a few clicks
Bounce that Windows box that’s gone down.

Image credit: https://www.flickr.com/photos/stars6/4381851322/

Comments (0)

By Matthieu, 2015-03-29 23:40

I feel ready for the OPS235 exam. There are a few areas I need to brush up on, but overall I feel I have a grasp  of most of the course content.

Strengths

• CentOS installation
• KVM administration via GUI
• Package/software installation and updates
• tar and file archiving/management
• fstab and partition management

Weaknesses

• Knowledge of specific commands and arguments/switches (rely on man pages)
  • iptables syntax
  • lvm commands
• CentOS/RedHat-specific commands and conventions (used to Debian/Ubuntu)
• SELinux
• Memorization of .conf file structures

Exam review topics

• KVM network configuration
• User and group management